Sll for hostname still getting old hostname

S

samuelmf

Verified User
Joined
Jul 30, 2021
Messages
155
Hi guys, i'm trying to install ssl for my server hostname, but the server refuse to recognize core.mydomain.com as hostname instead the letsencript show me as hostname the one that is setup when DA is installed server-xx-xx-xx-xx.da.direct.

What i'm doing wrong?
I already checked my hosts file and the stock hostname is not there.
Must i look on another place to fix it?

Thanks in advance
 
Via SSH as root:
hostnamectl set-hostname server.mydomain.com
after that check your /etc/hostname file to see if the hostname is in there, if not, adjust it.

After that check your /etc/hosts file to have it contain like this:
Code: 
127.0.0.1 localhost
your.ip.ad.res server.mydomain.com

Reboot your server/vps and issue these commands check if they return the correct hostname.
hostname
and
hostname -f
both commands should give the full server.mydomain.com hostname as a result.

Then also change it in Directadmin.
Login as admin, go to DNS administration, check for the server-xx-xx-xx-xx.da.direct and delete it if present.

Then in DNS administration, create your new hostname like you would for a domain. So use the "Add DNS zone" option.
You will have to fill in the server ip and the nameservers.

Now there is a bug, so login to SSH and go to the /etc/virtual directory and make sure that the directory server.mydomain.com is present in there too, if not created it and chown it to mail and chmod to 711.
chown mail. server.mydomain.com
chmod 711 server.mydomain.com

If you are using an external nameserver, be sure to create the appropriate A record for the hostname there too.
That might need a bit of time to sync, but after that your hostname should be working.

Additionally: Dont forget to create a new hostname certificate for your hostname, for example:
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single server.mydomain.com 4096

Also, be sure to have a valid rDNS/PTR record for your hostname. You can normally set this in the control panel of the one who gave you the server ip, so mostly datacenter control panel or panel of VPS provider.

NB! In some cases if the hostname is changed afterwards, when trying to create a certificate for the hostname, LE will still try to get a certificate for the server-xx-xx-xx.da.direct hostname.
In that case doublecheck your /etc/hosts and /etc/hostname file that it contains your new hostname and the old is removed. If not, adjust the file(s) accordingly.

Addition out of completeness.
@zEitEr advised to remove these files if the server.xx.xx.da.direct hostname stays after a hostname change:
  • /usr/local/directadmin/conf/ca.csr
  • /usr/local/directadmin/conf/ca.san_config
  • /usr/local/directadmin/conf/cacert.pem
  • /usr/local/directadmin/conf/cacert.pem.combined
  • /usr/local/directadmin/conf/cacert.pem.creation_time
  • /usr/local/directadmin/conf/cakey.pem
  • /usr/local/directadmin/conf/carootcert.pem
  • /usr/local/directadmin/conf/letsencrypt.key
  • /usr/local/directadmin/conf/letsencrypt.key.json
At least in that case LE can't use them anymore, which will fix the issue for sure if the normal request does not work for you.

=====================
Edit: Adjust the post a bit, changed "core.mydomain.com" to "server.mydomain.com" as hostname, so i can use this post better as example for others too.
Edit 07-febr-2024: Added last alinea about da.direct hostname not dissapearing due to some reports about this. And added the advise from @zEitEr.
 
Last edited:
Kudos!
Thanks one more time @Richard G all is ok now, and the ssl is working as expected.
One question, does DA have a web setup wizard like cpanel?
1694642976692.png

If no, it is not planned on future versions?
 
You're welcome.
DA does not have a web setup like cPanel does. Price difference must come from some things I guess. ;)
I'm also just a customer so I don't have a clue if there plants for something like this or related in the future.
 
Richard G said:
You're welcome.
DA does not have a web setup like cPanel does. Price difference must come from some things I guess. ;)
I'm also just a customer so I don't have a clue if there plants for something like this or related in the future.
Click to expand...
Ohh, i was thinking you are part of DA Team!
I hope someday we have the option for a web based installer.
 
Richard G said:
Via SSH as root:
hostnamectl set-hostname server.mydomain.com
after that check your /etc/hostname file to see if the hostname is in there, if not, adjust it.

After that check your /etc/hosts file to have it contain like this:
Code: 
127.0.0.1 localhost
your.ip.ad.res server.mydomain.com

Reboot your server/vps and issue these commands check if they return the correct hostname.
hostname
and
hostname -f
both commands should give the full server.mydomain.com hostname as a result.

Then also change it in Directadmin.
Login as admin, go to DNS administration, check for the server-xx-xx-xx-xx.da.direct and delete it if present.

Then in DNS administration, create your new hostname like a domain.
You will have to fill in the server ip and the nameservers.

Now there is a bug, so login to SSH and go to the /etc/virtual directory and make sure that the directory server.mydomain.com is present in there too, if not created it and chown it to mail and chmod to 711.
chown mail. server.mydomain.com chmod 711 server.mydomain.com

If you are using an external nameserver, be sure to create the appropriate A record for the hostname there too.
That might need a bit of time to sync, but after that your hostname should be working.

Additionally: Dont forget to create a new hostname certificate for your hostname, for example:
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single server.mydomain.com 4096

Also, be sure to have a valid rDNS/PTR record for your hostname. You can normally set this in the control panel of the one who gave you the server ip, so mostly datacenter control panel or panel of VPS provider.

=====================
Edit: Adjust the post a bit, changed "core.mydomain.com" to "server.mydomain.com" as hostname, so i can use this post better as example for others too.
Click to expand...
Thank you, I had a good start to the day!
From all the advice, I did not understand where to place the certificate.
But letsencrypt.sh itself put everything on the shelves.
Code: 
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single [my domain] 4096
Setting up certificate for a hostname: [my domain]
2023/12/21 07:17:48 [INFO] [my domain] acme: Obtaining SAN certificate
2023/12/21 07:17:49 [INFO] [my domain] AuthURL: [letsencrypt]/acme/authz-v3/295793548486
2023/12/21 07:17:49 [INFO] [my domain] acme: Could not find solver for: tls-alpn-01
2023/12/21 07:17:49 [INFO] [my domain] acme: use http-01 solver
2023/12/21 07:17:49 [INFO] [my domain] acme: Trying to solve HTTP-01
2023/12/21 07:17:57 [INFO] [my domain] The server validated our request
2023/12/21 07:17:57 [INFO] [my domain] acme: Validations succeeded; requesting certificates
2023/12/21 07:18:01 [INFO] [my domain] Server responded with a certificate for the preferred certificate chains "ISRG Root X1".
Certificate for [my domain] has been created successfully!
DirectAdmin certificate has been setup.
Setting up cert for Exim...
2023/12/21 07:18:02  info executing task            task=action=exim&value=restart
2023/12/21 07:18:02  info executing task            task=action=dovecot&value=restart
Setting up cert for WWW server...
2023/12/21 07:19:32  info executing task            task=action=httpd&affect_php_fpm=no&value=reload
Setting up cert for FTP server...
2023/12/21 07:19:32  info executing task            task=action=pure-ftpd&value=restart
2023/12/21 07:19:33  info executing task            task=action=directadmin&value=restart

Until now, I do not understand how to set up automatic renewal.

Thank you again, VolodymyrP.
 
volodymyrp said:
Until now, I do not understand how to set up automatic renewal.
Click to expand...
Hello Volodymyr.

Indeed the Directadmin script for Letsencrypt places everything automatically in the correct place, so that is why it's not said where to place in the manual.

Because you created a DNS entry for the hostname via DNS administration, the renewal will be automatically, you don't have to do anything for that. So no worry's there.

However I would advise to check sometimes if it's still valid. But normally it should be fine.

Your welcome.

Happy holidays!
Greetings, Richard.
 
Richard G said:
  • /usr/local/directadmin/conf/ca.csr
  • /usr/local/directadmin/conf/ca.san_config
  • /usr/local/directadmin/conf/cacert.pem
  • /usr/local/directadmin/conf/cacert.pem.combined
  • /usr/local/directadmin/conf/cacert.pem.creation_time
  • /usr/local/directadmin/conf/cakey.pem
  • /usr/local/directadmin/conf/carootcert.pem
  • /usr/local/directadmin/conf/letsencrypt.key
  • /usr/local/directadmin/conf/letsencrypt.key.json
Click to expand...
After deleting these files, SSL was generated with name new hostname.
 
You must log in or register to reply here.
Back
Top